Outsourcing is a critical strategy for supporting user productivity and business growth. Remote third-party access to an organization’s internal systems is an inherent requirement for outsourced services, maintenance, and support.

Many companies overlook this remote vendor access as an area that requires tight security controls. But the fact is, 63% of attacks are caused by security vulnerabilities introduced by a third party.

Join CyberArk and (ISC)2 on Jun 29, 2016 at 2:00p.m. (Singapore Time) for a Security Briefing that you will learn more about this hidden security weak spot – and discover 5 ways to mitigate risk of attack through remote third-party access.

Go beyond the CISSP and challenge yourself with a CISSP Concentration! Got questions on the certifications? We have the answers.

In this info-session, you will learn:

- How large is the cybersecurity workforce gap today
- Why you should pursue CISSP concentrations – ISSAP/ISSEP/ISSMP
- How to earn the certifications – exam and experience requirements
- The recent updates on membership benefits and policies
- And, ask any question that will support your certification journey

Are you ready to prove yourself? Register and begin your journey today!

• Information Systems Security Architecture Professional (ISSAP)
This certification proves your expertise developing, designing and analyzing security solutions. It also shows you excel at giving risk-based guidance to senior management in order to meet organizational goals.

• Information Systems Security Engineering Professional (ISSEP)
This certification recognizes your keen ability to practically apply systems engineering principles and processes to develop secure systems. You have the knowledge and skills to incorporate security into projects, applications, business processes and all information systems.

Identity is a key factor in an organization’s security plan, as it covers both security and productivity. In this webinar, we will look at using identity management to protect your organization internally and externally:

• We have previously covered an overview of zero trust architecture concepts. There are plenty of options available when designing a zero trust network - one of them is Identity Aware Proxy (IAP). The first half of the webinar will focus on best practices when implementing an IAP to enforce identity and access rules at an application layer, rather than network layer, and ensuring access rights are based on “need to know” least access.

• The second half will focus on the rise of credential stuffing criminal activities in Asia Pacific and Japan. This session will focus on the root cause of credential stuffing, financial losses, the methodology adopted by criminals and the automation employed via botnets. We’ll cover case studies of how organisations across different industries have deployed solutions to successfully mitigate the risks posed by botnets.

Join Akamai Technologies and (ISC)² on Dec 5, 2018 (Wed) at 13:00 (Singapore time) to learn how to protect your organization inside out using identity.

Where are you exposed? Where should you prioritise, based on business risk? How is your cyber exposure changing over time? And how effective is your cyber security program, compared to your industry peers?

Critical infrastructure — from energy production to manufacturing to public utilities — has become a prevalent attack vector for both nation-state threat actors as well as common cybercriminals. These attackers exploit vulnerabilities that exist due to the interconnectedness of IT and operational technology (OT) networks in order to establish a foothold in a victim’s environment and cause significant damage.

In response, many organisations are looking to align their IT and OT security programs to better understand and tackle cyber risks in both environments. In this session, Skybox Security will cover what challenges to expect when seeking to achieve this, and how to use comprehensive visibility and contextual intelligence to overcome them.

In this webinar, you will learn:
• What are the inherent risks to OT security and how the continued integration with IT impact risk in both environments
• What are the key concerns for IT and OT security teams and how can they can align to improve security throughout the organization
• Which elements and capabilities are needed to gain seamless visibility of on-premises, cloud and OT networks
• How to use modelling and analytics to understand your attack surface risk and effectively prioritize responses

Join Skybox Security and (ISC)² on Oct 24, 2018 (Wed) at 14:00 (Singapore time) to learn how to strengthen the defense of critical infrastructure.

What’s keeping you up at night? Ransomware? Phishing? Spyware? Malware? Data Breaches? A malicious email typically opens the door to those threats.

Organisations spend great energy (and budget) preventing users from falling prey, but threat actors continue to find ways to get past automated controls, staying one step ahead of artificial intelligence tools. Solving the phishing problem is more than just awareness: it’s about empowering humans to become instinctual nodes on the cyber defence network and feeding their real-time intelligence to security teams for immediate action.

Join Cofense and (ISC)² on Oct 10, 2018 (Wed) at 13:00 (Singapore time) to hear about trends that we’ve been seeing around the globe and how they can impact the Asia-Pacific region.

Too many vulnerability management programs operate on incomplete or out-of-date scan data. What’s more, this data is rarely if ever correlated to their host’s place in the network, meaning efforts can be wasted on remediating already protected vulnerabilities while ignoring those left exposed to attack.

To have a real impact on lowering your risk of cyberattack, organizations need to centralize and analyze data from their entire attack surface to narrow focus on the vulnerabilities most likely to be used in a cyberattack.

In this webinar, you will learn:
• What scanners miss in discovery, prioritization, remediation and oversight processes and how to fill in the gaps
• How the intersection of your assets, networks, business and the threat landscape impact vulnerability risk
• Why context-based approaches target remediation at your riskiest vulnerabilities and help identify patching alternatives
• Insights from Skybox’s 2018 Vulnerability and Threat Trends Report mid-year update

Join Skybox Security and (ISC)² on Sept 26, 2018 (Wed) at 14:00 (Singapore time), as we explore how to get more value out of your data, visualize your attack surface and centralize vulnerability management to systematically reduce your risk of cyberattack.

From stolen intellectual property to loss of reputation and customers, the consequences of a cybersecurity breach are not inconsequential to the bottom line of the business. In this webinar, we’ll take a close look at the true cost of a breach, what to be aware of and how you can mitigate the impact of a breach on your organization.

•Learn the potential impact a breach can have on my organization
•Understand all the potential costs and risks, including the intangible
•How to mitigate the impact of a breach on your organization

Join Nuix and (ISC)² on Sept 19, 2018 (Wed) at 13:00 (Singapore time) to learn how to mitigate the impact of a cybersecurity breach.

Sign up for this webinar and find out how to increase the efficiency of your security tools. Efficient prevention coupled with rapid detection and containment improves your overall security posture. Threats don't stand a chance.

Discover how to select and deploy new security tools faster and more easily than you ever thought possible.

The greatest cyber security threat an organization faces is no longer the malicious outsider hacking from beyond network firewalls. It is the insiders – the contractors, vendors, privileged users and business users – who already have full access to your company’s systems and sensitive data. Addressing this type of threat requires a much different approach, but whether unintentional or malicious, you need to quickly identify and eliminate insider threat. Attend this session to learn best practices for building and maintaining an effective insider threat program.

You will learn:
- Why insider threats are prevalent, despite many organisations implementing a layered defence approach
- How to stop insider threats in their tracks, through comprehensive visibility, real-time intelligence and policy enforcement
- How to help organisations achieve data privacy and protection compliance in line with GDPR regulations
- Why you need to focus on people, processes and technology, in that order

Join ObserveIT and (ISC)² on Sep 5, 2018 (Wed) at 15:00 (Singapore time) to learn how to build an insider threat program.

Get the latest information on real-world incidents, security best practices and trends from Akamai’s Summer 2018 State of the Internet / Security Report: Web Attacks as well as more information on our Zero Trust security best practices in our upcoming live webinar.

You’ll learn:

· A deep dive into bots and credential abusers targeting the hospitality industry, which has seen an extremely high percentage of malicious logins and what can be done

· How some DDoS attacks are employing unusual tactics to increase effectiveness, including the emergence of intelligent, adaptive enemies who change tactics to overcome the defenses in their way

· How to explore the different options of moving into Zero Trust security, look at best practices for implementation and share Akamai’s recommendations of what optimal Zero Trust architecture should be

Join Akamai and (ISC)² on Aug 8, 2018 (Wed) at 13:00 (Singapore time) to learn more about web attacks and zero trust best practices.

In its inaugural report, Tenable Research explores who has the first-mover advantage – cyber criminals or security teams? What’s the difference in time between when an exploit is publicly available for a given vulnerability and the first time that security teams actually assess their systems? And why does this even matter to your organization?

The research team analyzed the 50 most prevalent critical and high-severity vulnerabilities from just under 200,000 vulnerability assessment scans over a three-month period. What did they find?

Alarmingly, all too often, the attackers have the advantage. On average, they have a seven-day head start on defenders. Threat actors are sprinting ahead, exploiting vulnerabilities before security teams have even left the starting blocks – before businesses even know they’re at risk.

(ISC)² is committed to delivering value to our members, providing a transparent view of the organization’s developments and plans for the future. To that end, please join (ISC)² for a virtual Town Hall meeting on July 17, 2018 at 1:00PM Eastern to review many of our new member benefits, service offerings and look at what is still to come in 2018, including enriching professional development opportunities, Security Congress and more. Members and non members alike will enjoy the opportunity to learn how (ISC)² is delivering on its value promise.

Inline security tools operate by actively preventing threats in your network, but deploying and optimizing these tools presents several challenges to both network and security engineers. The downsides can include a potential point of failure, degradation of network and application performance, difficulty to scale and upgrade. The use of a next-generation packet broker and its inline bypass functionality can mitigate these challenges. Join Gigamon and (ISC)² on Jun 27, 2018 (Wed) at 12:00 noon (Singapore Time) to examine how inline bypass can overcome physical deployment obstacles, maximize network availability, increase the scale of inspection and reduce the impact to network performance.

Certain things go together to make the sum of their parts that much better. Peanut Butter and Jelly. Lennon and McCartney. Batman and Robin. In the ever-changing world of the cloud, cyber security professionals need continuous training and certifications to stay up-to-speed and pairing (ISC)2’s CCSP (Certified Cloud Security Professional) with CSA’s CCSK (Certificate of Cloud Security Knowledge) can put any cyber security practitioner ahead in terms of knowledge, skills and job opportunities. On June 12, 2018 at 1:00PM Eastern, join David Shearer, (ISC)2’s CEO and Jim Reavis, CSA’s CEO, along with other subject matter expects as we explore the differences between each program, the training options available for each, and how these programs are synergistic in nature and together were designed to build on one another.

Looking for expertise and information to advance your career and tackle your challenges? Subscribe and join us for the educational webinars in APAC time zone. Earn CPEs quickly and at no cost by attending webinars: 1 hour of webinar equals 1 CPE. We welcome members and non members alike.